An Ethical Consideration for the CISO/CIO as Change Leader /Advocate.
By Karl Schoen-Rene, Director of IT Security, Knights of Columbus
I have spent 30+ years in the computer security realm, both as CISO and as an IT Auditor. I have managed change in the environments I controlled and have observed that change often comes in cycles. The problems we face are very often repetitive in nature. Technology is the driver. It is the differentiator. It is what we need to be aware of as the cycle of change happens more quickly each passing day.
As a change agent in any company, in any industry, we often get caught up in the pace of change. We try to manage the world we can control by staying on the chariot as it races around and around the race track. We often forget to worry about the horse pulling the chariot, or the crowd that is watching the race, that we see only as a blur of faces.
I maintain that it is imperative for us to take the human condition into account. We become more focused on how to connect to the millions of people who are connected to the web and sell our services/ goods directly to the consumer. This leads to a decrease in expenses and an increase in profits. However, we tend to become less focused on what these changes mean. It leads to a detachment from the effects of our transformation on the horse and the crowd, i.e. our employees and our customers.
I am not part of the automotive industry and have never been. However, I have worked with individuals who are. Let us take a brief look at what effect I believe the introduction of driverless cars will mean to society in general.
I am saying that to do it in a vacuum will be dangerous for our society and the world’s stability
The major car manufacturers should be planning to move towards providing transportation services as their primary product. Manufacturing the transport will become a secondary function. On average a car costs about $30,000 in current dollars to manufacture. Assuming 100% markup plus, that means an average return of 50% on each vehicle put on the road. If instead you don’t sell that vehicle but place it into service in a digital transportation marketplace, breakeven occurs around 50,000 miles. You get all your money back for maintenance, construction etc within the first 25% of the lifetime of the vehicle, making the rest of the income 100% profit. In terms of a business case, I consider this to be a no-brainer, and enough economic incentive to drive the industry in this direction (i.e Lyft a GM company).
So what does this do to the world? The following businesses are completely disrupted. Drivers of all types: limos, taxis, school bus, regular bus, long haul and short haul freight will no longer have employment. Local mechanics will no longer have customers’ cars to work on. The local gas station will become the corner store it has been trying to be for the last 10 years. Car dealerships will become museums for cars that used to be or toys for the very rich. Car insurance for individuals will be a thing of the past. All of these individuals/ companies will need to find other sources of income. This will be harder and harder as all industries follow suit with automation and machine learning providing a catalyst for lower expenses and higher profits.
On a smaller scale, I see the same effect happening in the IT Security arena. All projections point to a significant shortage of skilled security professionals in the next few years. I postulate that we will see a digital revolution in our space as well. You can see it in the new tools that are being developed to look at behavior, not logs. To react to anomalies not actual exfiltration of information. These tools already are telling us what we need to look at, it will not be long before we start turning over control to the software to remediate issues and then report. No need for large staffs of analysts. So what do all the individuals who are in the training path into this industry do when they get out of school and cannot find jobs?
I am not saying that companies need to stop innovation or transformation. That would be corporate suicide. I am saying that to do it in a vacuum will be dangerous for our society and the world’s stability. Companies need to take ownership of the results of their progress and contribute back to help stabilize our future, and we as senior officers need to help provide an ethical balance.